Archive for the 'Funny Stuff' Category


Map Real Time Cyber Attacks

Author: Satish Arthar
May 4, 2016

It seems nearly every day we’re reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it’s often difficult to visualize this type of activity. In this post, we’ll take a look at multiple ways of tracking online attacks and attackers around the globe and in real-time.

 

A couple of notes about these graphics. Much of the data that powers these live maps is drawn from a mix of actual targets and “honeypots,” decoy systems that security firms deploy to gather data about the sources, methods and frequency of online attacks. Also, the organizations referenced in some of these maps as “attackers” typically are compromised systems within those organizations that are being used to relay attacks launched from someplace else.

 
The main method is by getting reports back from Intrusion Detection Systems. So each attack that hits an IDS is reported back you have the source of the attack – which may not be the instigator – just the ip registered as attacking you. and of course the target is known to the IDS as the IDS IS the target.The IDS could be software or hardware based.

 

FireEye Cyber Threat Map, While the FireEye Cyber Threat Map doesn’t technically operate in real time, it does generate a very interesting picture of how surreptitiously installed malware communicates with the server systems that are remotely controlling the malicious software.

 

 

Screenshot

 

 

My favorite – and perhaps the easiest way to lose track of half your workday (and bandwidth) comes from the folks at Norse Corp. Their map – IPViking – includes a wealth of data about each attack, such as the attacking organization name and Internet address, the target’s city and service being attacked, as well as the most popular target countries and origin countries.

 

 

Screenshot from 2016-05-04 14:45:27

 

 
Another live service with oodles of information about each attack comes from Arbor Networks’ Digital Attack map. Arbor says the map is powered by data fed from 270+ ISP customers worldwide who have agreed to share anonymous network traffic and attack statistics.

 

 

Screenshot from 2016-05-04 14:13:50

 

 

Kaspersky’s Cyberthreat Real-time Map is a lot of fun to play with, and probably looks the most like an interactive video game. Beneath the 3-D eye candy and kaleidoscopic map is anonymized data from Kaspersky’s various scanning services. As such, this fairly interactive map lets you customize its layout by filtering certain types of malicious threats, such as email malware, Web site attacks, vulnerability scans, etc.

 

 

Screenshot from 2016-05-04 21:12:33

 

 

The Cyberfeed, from Anubis Networks, takes the visitor on an automated tour of the world, using something akin to Google Earth and map data based on infections from the top known malware families. It’s a neat idea, but more of a malware infection map than an attack map, and not terribly interactive either. In this respect, it’s a lot like the threat map from Finnish security firm F-Secure, the Global Botnet Threat Activity Map from Trend Micro, and Team Cymru’s Internet Malicious Activity Map.

 

 

The Honeynet Project’s Honey Map is not super sexy but it does include a fair amount of useful information about real-time threats on honeypot systems, including links to malware analysis from Virustotal for each threat or attack.

 

 

Additionally, the guys at OpenDNS Labs have a decent attack tracker that includes some nifty data and graphics.

 

Speaking of attacks, some of you may have noticed that this site was unreachable for several hours over the last few days. That’s because it has been under fairly constant assault by the same criminals who attacked Sony and Microsoft’s gaming networks on Christmas Day. We are moving a few things around to prevent further such disruptions, so you may notice that some of the site’s features are a tad flaky or slow for a few days.

 

We made ths post becoz, we Cyber51 decided to build one of our own. When we started more focused on user experience and information accessibility. We were able to create a close to real time cyber attack monitoring system that is engaging, interactive, and insightful. Soon it may suprise you all with nice some functions.

 

Share

February 19, 2016

It’s all over the news: https://www.washingtonpost.com/world/national-security/us-wants-apple-to-help-unlock-iphone-used-by-san-bernardino-shooter/2016/02/16/69b903ee-d4d9-11e5-9823-02b905009f99_story.html

Does the FBI really need Apple’s help to get around an iPhone PIN? We have cracked numerous PINs as part of our Penetration Testing audits for customers…..If Apple refuses, the FBI would be more than welcome to come to us and we would happily assist 🙂

Share

Some funny SSL stuff

Author: Martin Voelk
February 13, 2016

Everyone knows that you shouldn’t use self-signed certificates because they are not trusted by browsers natively and generate an error message. If users get used to accept untrusted certificates, they won’t know the difference between a self-signed and a man-in-the-middle attack. I think most Admins are clear about that. This is why there are CAs like Verisign, Comodo, Godaddy and so on.

But when it comes to Google everything is funny. Many people don’t know that Google runs their own CAs and so it must be natively trusted right because it’s Google?!? This is unfortunately, what the Internet has become. A company just needs to grow big enough and then form their own trusted CA and every browser trusts natively. German Telecom is the same thing.

No user would trust company X with a self-signed certificate over their portal login. Yet if it’s Google or Youtube, all is nicely signed by themselves and the little green lock shows in the browser. All good and safe 🙂 Happy Internet

Screen Shot 2016-02-12 at 22.52.32

Share


Funny Webcam Hack Prank

Author: Martin Voelk
April 13, 2015

Enjoy 🙂

Share

National Network Engineers Week

Author: Martin Voelk
April 8, 2015

network

Share

Awesome Hacking Demonstration

Author: Martin Voelk
April 7, 2015

We have been in the industry for a long time……..
<sarcasm> This video is still amazing. We have all learnt a lot from this bright young guy. If all hackers would have his skill set – the world would be doomed </sarcasm>

Please don’t take it too seriously and don’t abuse the knowledge 🙂

Enjoy!

Share

Jasmine the IT Kid

Author: Martin Voelk
March 30, 2015

This video is a few years old, but still great if you haven’t seen it. A 6 year old kid is configuring IT equipment like a real pro!!
Enjoy 🙂

Share

Amazing Hacking App

Author: Martin Voelk
March 24, 2015

Enjoy 🙂

Share

March 20, 2015

Conducting the interview 🙂

Screen Shot 2015-03-19 at 21.30.18 Bongo the Security Journalist

IMG_1556 Max (Blackhat)

IMG_1554 Pilas (Whitehat)

Interview with Black Hat Hacker Max

Bongo (Journalist): Thanks Max and Pilas for being with me today.
Max (Blackhat): I don’t have much time
Pilas (Whitehat): Pleasure.
Bongo (Journalist): First question to Max: What does a Blackhat do?
Max (Blackhat): I hack into other peoples machines and steal their logins to Amazon, Paypal etc.
Bongo (Journalist): Isn’t this illegal?
Max (Blackhat): Yes, but I am using the TOR Network where I stealth my IP address. Also I live in Asia where law enforcement doesn’t really care.
Bongo (Journalist): Who do you attack?
Max (Blackhat): Random people and businesses around the world. We target financial information like Credit Cards, PayPal accounts etc. Some we use for shopping, some for resale.
Bongo (Journalist): How much money do you make?
Max (Blackhat): A lot.
Bongo (Journalist): How do you get the money out?
Max (Blackhat): Dark Web laundering services, Bitcoin transfers, prepaid ATM cards etc.
Bongo (Journalist): What tools do you use?
Max (Blackhat): Open Source only. Like Kali Linux, Metasploit, RAT Tools, Social Engineering Tool kit, virus and malware generators and encoders
Bongo (Journalist): Do you mean all those tools are free?
Max (Blackhat): Yes all on the Web and Youtube has the How Tos! I gotta go now, I have a Bot Net to run. Time is money….
Bongo (Journalist): Thanks for your time

Interview with White Hat Hacker Pilas

Bongo (Journalist): Now to you Pilas. You are a white hat? What does a white hat do?
Pilas (Whitehat): I work for various clients as a contractor. Both private and public sectors.
Bongo (Journalist): What do you do for them?
Pilas (Whitehat): I perform Penetration Tests with the authorization of them.
Bongo (Journalist): What does that mean?
Pilas (Whitehat): I hack their networks with the same tools a Blackhat would, but I do it with the authorization of the client to strengthen security, provide reporting and mitigation.
Bongo (Journalist): So you are a good hacker?
Pilas (Whitehat): Yes. I am helping to secure networks by understanding a hacker’s tools and methods. I am a certified ethical hacker.
Bongo (Journalist): Interesting. Who are your clients?
Pilas (Whitehat): Banks, Government, Insurance companies, Utilities. Across the board.
Bongo (Journalist): What tools do you use and does it pay well?
Pilas (Whitehat): The same tools Max the blackhat does. Yes it pays very well. We are a well sought group within the IT Industry
Bongo (Journalist): Have you ever abused your knowledge?
Pilas (Whitehat): No. I am a whitehat. Grey hats would sometimes.
Bongo (Journalist): Last question. Should every company get a Pentest?
Pilas (Whitehat): Guys like Max don’t care whether they hack a private individual or a large corporation. The threat is real and everyone should consider having their IT tested.
Bongo (Journalist): Thanks for your time.

Share